The Future of eHealth Depends on Taking Cybersecurity Seriously

Updated on

The world of “eHealth” encompasses a great variety of technologies and related sub-sets of technology use, and the use of the term is not standardized. At its core, eHealth refers to virtually everything related to how the internet and related technologies are used in medicine.

Other terms you may have heard under the umbrella of eHealth are:


Q4 2019 hedge fund letters, conferences and more

  • mHealth – Mobile devices/wireless technology used in healthcare
  • Digital health – Typically used interchangeably with eHealth
  • Health Information Technology – Electronic systems used to store, share, and analyze health information (electronic health records, e-prescriptions,
  • Telemedicine – Video conferencing, secure sharing of patient data between providers, remote patient monitoring, etc
  • HIPAA (The Health Insurance Portability and Accountability Act of 1996) – United States legislation that provides provisions for security and data privacy as it relates to the safeguarding of medical information.

The adoption of new technology in healthcare has served as a catalyst for improved productivity among healthcare workers and greater accessibility to much-needed healthcare resources for patients, though it is not without its risks.

Healthcare facilities using internet technologies are prime targets for ransomware – a type of malicious software designed to block access to critical data and computer systems under the threat of deletion unless a ransom is paid.

This sort of cyberattack has led to devastating data breaches of sensitive data, including the records of over 15 million customers of LifeLabs, Canada’s largest diagnostic test provider. 2018-2019 also saw a significant ransomware attack on US soil when the American Medical Collection Agency (AMCA), a medical bill and debt collector, fell victim to a ransomware attack that affected the records of over 20 million US citizens.

How Technology Enhances Patient Care

Over time, advancements in technology have revolutionized the potential for patient care in a variety of ways including the centralization of medical records, enhancing healthcare availability for patients in remote locations, and improving patient adherence through better communication and access to knowledge.

Efficient Processing & Centralization of Medical Records

Prior to the implementation of computers, managing and tracking the medical history of patients was an incredibly cumbersome process. Medical professionals of the 20th century relied on records that were written on paper and kept in folders, and while later advancements such as tabulating machines offered some relief they were no match for the speed and cost savings offered by the computers of today.

In addition to increased productivity, the internet gave healthcare providers the benefit of the centralization of patient medical records. Medical record centralization allows for the medical history of patients to be accessible across multiple healthcare establishments with reduced risk of missing important information in a given patient’s treatment history.

Greater Availability of Healthcare

Advancements in eHealth offer a significant improvement in the quality of life for patients that would normally have limited access to the healthcare they need. Video conferencing technology has provided an opportunity for patients with limited local access to healthcare, such as those living in rural areas or with limited mobility options, to have access to consultations with medical professionals over the internet.

eHealth Technologies: Improvements in Patient Adherence & Knowledge

In order for a treatment plan to be effective, it needs to be followed as prescribed. Unfortunately, a lack of patient adherence (also known as patient compliance) to prescribed treatment plans is a pervasive problem for healthcare professionals.

Some of the many barriers to patient adherence include a lack of trust that some patients have for their providers, as well as patients forgetting to take their medication or otherwise forgetting to adequately follow their provided treatment plan. Patients that have difficulty following a prescribed healthcare routine can benefit from automated reminders and greater opportunity for check-ins from healthcare professionals, all provided to them through eHealth technologies.

Rather than feeling like healthcare is a one-sided endeavor, patients can feel empowered through greater access to a credible knowledgebase. Patients with access to vetted health information through eHealth technologies have the opportunity to participate in their healthcare by better understanding their conditions and the treatment plans prescribed to them.

The Risks of Technology in Healthcare

In a perfect world, we could maximize all of the benefits that interconnected technology can offer with no safety or security threats whatsoever. The unfortunate reality is that while the internet of eHealth technology offers incredible advancements for the quality of patient care, there are inherent cybersecurity risks that come with the adoption of this technology

Data Breaches & Ransomware

The healthcare industry has become a prime target for cybercriminals using ransomware to encrypt sensitive patient data as leverage for extortion of funds. For healthcare organizations without proactive cybersecurity plans, the data stolen in a ransomware attack can be devastating and potentially unrecoverable.

In October 2019 LifeLabs, Canada’s largest diagnostic test provider, disclosed that they fell victim to a ransomware attack that caused the sensitive healthcare and personal information of 15 million customers to be encrypted and potentially leaked. The lawsuits against LifeLabs following the breach may prove to be fateful for the future of the company with an Ontario-based class-action lawsuit asking for the approval of more than $1.13 billion in compensation for clients affected by the data breach.

While the standard advice for reactively responding to a ransomware attack is normally to not pay the ransoms demanded by executors of ransomware attacks, healthcare providers without secure backups of that data are placed in a compromising position should that data be truly lost.

Aside from the potential gains cybercriminals seek from ransomware extortion, there is also intrinsic monetary value in accessing personally identifiable information (PII) as it can be sold to bad actors seeking opportunities to commit identity theft and steal money from financial accounts. The monetary demand for PII makes any source of this data a tempting target for cybercriminals, with patient healthcare data being no exception.

Interruptions in Workflow

While secure technology certainly has its benefits with improving patient care, the process of implementing new technology is not always as simple as plugging in a device or installing new software and immediately reaping the benefits. In order to maximize the potential for technology while minimizing disruptions, tech solutions need to be made with the end-user in mind.

New technology can cause issues such as “alert fatigue”, where the overuse of alarms causes users to tune out alerts and have difficulty distinguishing the seriousness of different alerts. Technology solutions also disrupt existing workflows and will often initially cause inefficiencies as healthcare providers adapt to the new additions to their procedures.

How Can eHealth Technologies Cybersecurity Be Improved?

If technology is to be used as a part of critical service delivery it needs to be implemented with cybersecurity as a priority. The future of eHealth depends on the trust of the patients in the technology used to treat them- a lack of adequate cybersecurity measures is a significant barrier to establishing this trust.

Healthcare institutions looking to improve cybersecurity can take a few basic steps to start them in the right direction:

  • Create and maintain a readily-available written information security program that details the current technical and physical safeguards used to protect sensitive data. This will give your organization an overview of what it currently being done and will serve as a baseline for future improvements.
  • Any device that is used to store or process sensitive data must be encrypted
  • Create an inventory of any devices used to store or process sensitive data, and ensure that these devices are regularly accounted for
  • Require any employees that can access workplace electronics or sensitive data to partake in mandatory data security training and re-training
  • Computers, phones, and other devices connected to the network should be regularly monitored and have basic security software implemented such as anti-malware and internet monitoring/restriction.
  • Create secure backups of patient data that is not constantly connected to the main network, and back it up regularly. In the event of a ransomware attack, you can recover your lost data while keeping the backups away from the infected network.
  • Ensure that endpoints (such as wireless/mobile devices) are monitored for suspicious activity and are secured with endpoint security software. Each device with a connection to the network is a potential entry point for security threats and must be secured appropriately.
  • Where feasible/necessary, consult with cybersecurity experts for advice specific to the needs of the organization.

For healthcare providers in the USA, the HIPAA Security Rule specifies a series of administrative, physical and technical security safeguards to implement in order to assure and maintain the confidentiality, integrity, and availability of all electronic personal health information (ePHI).

The future of eHealth depends on robust cybersecurity. The implementation of much-needed cybersecurity measures is easier said than done, particularly if budgetary considerations do not prioritize cybersecurity needs. In order for patients to trust and adopt eHealth as a part of their healthcare, the healthcare system needs to ensure their patients are as safe digitally as they are physically by prioritizing cybersecurity as a part of critical service delivery.

Leave a Comment